United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, l'atint and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/699.124 



10/3 1/20(0 



21876 7590 11/19/2008 

FISH & RICHARDSON P.C. 
P.O. Box 1022 

MINNEAPOLIS, MN 55440-1022 



William M. Shapiro 



CERVETTI, DAVID GARCIA 



PAPER NUMBER 



NOTIFICATION DATE | DELIVERY MODE 
11/19/2008 ELECTRONIC 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 

following e-mail address(es): 

PATDOCTC@fr.com 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/699,124 


Applicant(s) 

SHAPIRO ET AL. 


Examiner 

David Garcia Cervetti 


Art Unit 

2436 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 13 August 2008 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-19,21-41 and 43-57 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 1-19.21-41 and 43-57 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 31 October 2003 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 
Paper No(s)/Mail Date 8/13/08 . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20081 112 



Application/Control Number: 10/699,124 Page 2 

Art Unit: 2436 

DETAILED ACTION 

1 . Applicant's arguments filed August 13, 2008, have been fully considered. 

2. Claims 1-19, 21-41, and 43-57 are pending and have been examined. 

Response to Amendment 

3. Applicant's arguments with respect to the prior art have been considered but are 
moot in view of the new ground(s) of rejection. 

4. The objection to claims 35-38 and 40 is withdrawn. 

5. The rejection of claims 45-57 under 35 USC 1 01 is withdrawn. 

Claim Rejections - 35 USC § 102 

6. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

7. Claims 1, 4-19, 21-23, 26-41, and 43-57 are rejected under 35 U.S.C. 102(e) 
as being anticipated by Garcia (US Patent 7,380,120). 

Regarding claims 1 and 23, Garcia teaches 

receiving a request from a client to take an action with respect to a first electronic 
document (col. 32, lines 20-67, offline access enablement for particular files); and 

synchronizing offline access information with the client, in response to the 
request, to pre-authorize the client, to allow actions by a user as a member of a group of 
users, by sending to the client an update to offline access information retained at the 
client, the update comprising a first key associated with the group, the first key being 
useable at the client to access a second electronic document while offline by decrypting 
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a second key in the second electronic document (col. 33, lines 1-55, update stored 
rules). 

Regarding claims 12 and 34, Garcia teaches 

synchronizing offline access information with a document control server, when 
online, to pre-authorize offline access to an electronic document, the synchronizing 
comprising receiving an update to offline access information retained locally, the update 
comprising a first key associated with a group of users of the document control server 
(col .33, lines 1-55, update stored rules); and 

allowing access to the electronic document, when offline, by performing 
operations comprising using the first key to decrypt a second key in the electronic 
document and governing actions with respect to the electronic document based on 
document-permissions information associated with the electronic document (col. 33, 
lines 1-67, user access according to updated rules while offline). 

Regarding claims 19 and 41, Garcia teaches 

encrypting an electronic document (fig.2B); and 

incorporating into the encrypted electronic document an address of a document 
control server, document-permissions information, and an encryption key useable in 
decrypting the encrypted electronic document, the encryption key being encrypted with 
a key generated by, and associated with a group of users of, the document control 
server; wherein the encryption key comprises a session key generated by the document 
control server, encrypting the electronic document comprises encrypting the electronic 
document using a document key, and incorporating comprises incorporating into the 
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encrypted electronic document a document security payload comprising the document 
key and the document-permissions information, the document security payload being 
encrypted using the session key (fig.2C.3, col. 15, lines 30-67, col. 28, lines 35-60, 
authenticate user on access of local document over at server). 
Regarding claims 45 and 56, Garcia teaches 

a document control server that synchronizes offline access information with a 
client in response to a client request, to pre-authorize offline access to an electronic 
document by sending an update to the offline access information retained at the client, 
the update comprising a first key associated with a group, the first key being useable at 
the client to access the electronic document by decrypting a second key in the 
electronic document (col. 33, lines 1-55, update stored rules); and 

the client that stores the first key in a memory and allows access to the electronic 
document, when offline, by a user as a member of the group, using the first key to 
decrypt the second key in the electronic document and governing actions with respect 
to the electronic document based on document-permissions information associated with 
the electronic document (col. 33, lines 1-67, user access according to updated rules 
while offline). 

Regarding claims 4 and 26, Garcia teaches wherein the client allows actions 
with respect to the second electronic document based on document-permissions 
information residing in the second electronic document (col. 13, lines 1-55). 

Regarding claims 5 and 27, Garcia teaches wherein the offline access 
information update further comprises document-permissions information associated with 
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multiple documents, including the second electronic document, and the client allows 
actions with respect to the second electronic document based on the document- 
permissions information (col. 33, lines 1-67). 

Regarding claims 6 and 28, Garcia teaches wherein synchronizing offline 
access information with the client comprises synchronizing silently in a background 
process without the user being aware of the update (col. 33, lines 1-67). 

Regarding claims 7 and 29, Garcia teaches wherein the request requires 
authentication, the method further comprising verifying the user at the client as an 
authenticated user (col. 32, lines 20-67). 

Regarding claims 8 and 30, Garcia teaches wherein the offline access 
information update further comprises: at least one user-specific key; at least one group- 
specific key, including the first key; and at least one set of document-permissions 
information associated with multiple documents (col. 33, lines 1-67). 

Regarding claims 9 and 31, Garcia teaches receiving an offline audit log from 
the client (col.31, lines 30-45). 

Regarding claims 10 and 32, Garcia teaches wherein the at least one set of 
document-permissions information comprises one or more policies associated with the 
first document, and the offline access information update further comprises a document 
revocation list (col. 33, lines 1-67). 

Regarding claims 11 and 33, Garcia teaches wherein the offline access 
information update further comprises at least one set of document-permissions 
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information, associated with a specific document, selected based on synchronization 
prioritization information (col. 33, lines 1-67). 

Regarding claims 13 and 35, Garcia teaches wherein governing actions with 
respect to the electronic document comprises obtaining the document-permissions 
information from the electronic document (col. 13, lines 1-67). 

Regarding claims 14 and 36, Garcia teaches wherein governing actions with 
respect to the electronic document comprises: identifying a document policy reference 
in the electronic document; and obtaining locally retained document-permissions 
information based on the document policy reference (col. 13, lines 1-67). 

Regarding claims 15 and 37, Garcia teaches wherein the offline access 
information update comprises at least one user-specific key, at least one group-specific 
key, including the first key, at least one set of document-permissions information 
associated with multiple documents, and a document revocation list (col. 13, lines 1-67). 

Regarding claims 16 and 38, Garcia teaches preventing access to the 
document, when offline, if a difference between a current time and a receipt time of the 
offline access information exceeds a server-synchronization-frequency parameter 
(col.33, lines 1-67). 

Regarding claims 17 and 39, Garcia teaches wherein the server- 
synchronization- frequency parameter is specific to the document (col.33, lines 1-67). 

Regarding claims 18 and 40, Garcia teaches maintaining an offline audit log; 
and uploading the offline audit log when online (col. 31 , lines 30-45). 
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Regarding claims 21 and 43, Garcia teaches wherein the document security 
payload further comprises a document identifier assigned by the document control 
server, and incorporating further comprises incorporating into the encrypted electronic 
document a copy of the session key encrypted using a public key associated with the 
document control server (col. 15, lines 1-67). 

Regarding claims 22 and 44, Garcia teaches wherein the document- 
permissions information specifies access permissions at a level of granularity smaller 
than the electronic document (col. 13, lines 1-67). 

Regarding claim 46, Garcia teaches wherein the electronic document comprises 
the document-permissions information (col.33, lines 1-67). 

Regarding claim 47, Garcia teaches wherein the second key comprises a 
session key generated by the document control server, and the electronic document 
further comprises a document security payload comprising a document key and the 
document-permissions information, the document security payload being encrypted 
using the session key (col.33, lines 1-67). 

Regarding claim 48, Garcia teaches wherein the offline access information 
update further comprises: at least one user-specific key; at least one group-specific key, 
including the first key; and at least one set of document-permissions information 
associated with multiple documents (col.33, lines 1-67). 

Regarding claim 49, Garcia teaches wherein the client comprises an agent that 
periodically contacts the document control server to synchronize the offline access 
information (col.33, lines 1-67). 
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Regarding claim 50, Garcia teaches wherein the document control server 
comprises: a server core with configuration and logging components; an internal 
services component that provides functionality across dynamically loaded methods; and 
dynamically loaded external service providers, including one or more access control 
service providers (col. 32, lines 1-67). 

Regarding claim 51 , Garcia teaches a business logic tier comprising a cluster of 
document control servers, including the document control server; an application tier 
including the client comprising a viewer client, a securing client, and an administration 
client; and a load balancer that routes client requests to the document control servers 
(col.32, lines 1-67). 

Regarding claim 52, Garcia teaches wherein the client request comprises a 
request from the client to take an action with respect to a second document, and the 
document control server synchronizes offline access information with the client silently 
in a background process without the user being aware of the update (col.33, lines 1-67). 

Regarding claim 53, Garcia teaches wherein the document control server 
comprises a permissions-broker server including a translation component, the second 
document comprises a document secured previously by the permissions-broker server, 
and the translation component being operable to translate first document-permissions 
information in a first permissions-definition format into second document-permissions 
information in a second permissions-definition format in response to the request being 
received from the client (col.32, lines 1-67). 
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Regarding claim 54, Garcia teaches wherein the server comprises a 
permissions- broker server operable to identify information associated with the second 
document in response to the request, the associated information being retained at the 
server and indicating a third electronic document different from and associated with the 
second document, the server being operable to relate information concerning the third 
electronic document to the client to facilitate the action to be taken (col. 33, lines 1-67). 

Regarding claim 55, Garcia teaches wherein the server comprises a 
permissions- broker server operable to obtain and send, in response to the request, a 
software program comprising instructions operable to cause one or more data 
processing apparatus to perform operations effecting an authentication procedure, and 
the client uses the authentication program to identify a current user and control the 
action with respect to the second document based on the current user and document- 
permissions information associated with the second document (col. 32, lines 1-67). 

Regarding claim 57, Garcia teaches server means for dynamically obtaining 
and sending authentication processes in response to client requests to take actions with 
respect to electronic documents; and client means for interfacing with a received 
authentication process to identify a current user and for controlling actions with respect 
to electronic documents based on the current user and document-permissions 
information (col. 31, lines 1-67). 

Claim Rejections - 35 USC § 103 
8. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 
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9. Claims 2-3 and 24-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Garcia. 

Regarding claim 2 and 24, Garcia does not expressly disclose wherein 
synchronizing offline access information with the client comprises comparing a time of 
last recorded client- synchronization with a time of last change in user-group information 
for the user. However, Examiner takes Official Notice that the USE of comparing times 
to determine whether to update or not was conventional and well known. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention 
was made to compare times of last changed when synchronizing content since 
Examiner takes Official Notice that it was conventional and well known. 

Regarding claims 3 and 25, Garcia does not expressly disclose wherein 
synchronizing offline access information with the client comprises: receiving user-group 
information for the user from the client; and comparing current user-group information 
for the user with the received user-group information for the user from the client. 
However, Examiner takes Official Notice that the USE of comparing membership was 
conventional and well known. Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to compare times of last 
changed when synchronizing content since Examiner takes Official Notice that it was 
conventional and well known. 

Conclusion 

1 0. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to David Garcia Cervetti whose telephone number is 
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(571 )272-5861 . The examiner can normally be reached on Monday-Tuesday and 
Thursday-Friday. 

11. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on (571)272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

12. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/David Garcia Cervetti/ 
Primary Examiner, Art Unit 2436 



